[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ldapadd requires confidentiality



Tony Earnshaw wrote:
ons, 21.01.2004 kl. 12.55 skrev "Frank Hoffsümmer":


now I started slapd interactively with debugging on:

$ libexec/slapd -d12 -f etc/openldap/slapd.conf daemon_init: <null>
daemon: bind(7) failed errno=125 (Address already in use) <<<=========== 1:
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_db_init: Initializing BDB database
TLS: PRNG not been seeded with enough data <<<========== 2:
bdb_db_open: dc=svt,dc=se
slapd starting
daemon: added 6r
daemon: select: listen=6 active_threads=0 tvp=NULL



then, in another terminal window, my usual effort to add some entries:



$ bin/ldapadd -x -D 'cn=manager,dc=svt,dc=se' -h localhost -p 389 -W -f
top.ldif
Enter LDAP Password: ldap_bind: Confidentiality required (13)


but nothing shows on the console where i started slapd! shouldn't I see
something in debug mode when ldapadd tries (and fails) to bind to slapd?? (using the standard ldap.conf
and slapd.conf)


See above "arrows".

This is a Solaris-specific thing. I'm afraid I have no Openldap
experience on Solaris and have no machine to check on.

However:

1: above would seem to indicate that there is already a daemon running;
check that;
2: I don't know what you use to seed your encryption software, Linux has
a /dev/random which is usually used for this.

It looks as though you might have *2* LDAP instances on your Solaris
machine. The strange thing is, that in your slapd.conf you have nothing
about certificates, nor have you explicitly compiled for SSL support,
but your daemon is definitely trying to run with TLS support.

Hope that a Solaris Openldap person sees this and can help you further.
I know that there have been conflicts reported on this list for Solaris
stuff that is already installed as standard, and Openldap installs.

--Tonni


1) netstat -a ... will tell you what ports the server is listening on.

2) Support for /dev/random was introduced with Solaris 9. For versions prior to this install patch 112438-01.

--
Dave
--
Dave Lewney
Principal Systems Programmer, IT Services
University of Sussex, Brighton BN1 9QJ. Tel: 01273 678354 Fax: 01273 271956